cvs was prone to a heap-based buffer overflow in the client side proxy handling